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The Claims 

Claims 1-25. (Canceled). 

26. (Currently amended) A system comprising: 

an interface allowing management devices corresponding to a plurality of 
management agents responsible for managing the system to access the system; and 

a controller to operate as a trusted third party mediating interaction among 
the plurality of management agents by assigning each of the plurality of 
management agents to a different one of a plurality of ownership domains and 
restricting the rights of each ownership domain in the syste m, wherein only one of 
the plurality of management agents can correspond to a top-level ownership 
domain at a time, and wherein any of the other management agents can revoke the 
ton-level ownership domain . 

27. (Original) A system as recited in claim 26, wherein the controller is 
further to terminate execution of a software engine in the system in response to a 
request from a management device corresponding to one of the plurality of 
management agents. 
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28. (Original) A system as recited in claim 26, wherein the controller is 
further to initiate execution of a software engine in the system in response to a 
request from a management device corresponding to one of the plurality of 
management agents. 

29. (Currently amended) A system as recited in claim 26, wherein one 
of tho plurality of ownership domains i s a the top-level ownership domain has 
having a first set of rights, and wherein each of the other ownership domains in the 
plurality of ownership domains has a second set of rights. 

30. (Original) A system as recited in claim 29, wherein the second set 
of rights is more restrictive than the first set of rights. 

31. (Currently amended) A system as reoitod in claim 2 9 comprising: 

an interface allowing management devices corresponding to a plurality of 
management apents responsible for managing the system to access the system: and 

a controller to operate as a trusted third party mediating interaction among 
the plurality of management agents bv ass ign™ p <* *ch of the plurality of 
management agents to a different one of a plurality of ownership domains and 
restricting the rights of each ownership domain in the system, wherein one of the 
plurality of ownership domains is a top-level ownership domain having a first set 
of rights, wherein each of the other ownership domains in the plurality of 
ownership domains has a second set of rights, and wherein the first set of rights 
includes: the right to create new ownership domains, the right to access system 

ip^hayes^ wwsm 3 Application No. 09/695,820 

PAGE 5/17 ' RCVD AT 11/15/2004 5:39:55 PM [Eastern Standard Time] * SVR:USPT0€FXRF-1/4 ' DNIS:8729306 1 CSID:509 323 8979 ' DURATION (mm-ss):04-28 



NOU 15 2004 14:56 FR LEE - HAYES PLL 509 323 8979 TO 17038729306 



P. 06/17 



memory, the right to access a mass storage device of the system, the right to 
modify filters in the system, the right to start execution of software engines in the 
system, the right to stop execution of software engines in the system, the right to 
debug software engines in the system, the right to change authentication 
credentials for the ownership domain, the right to modify a storage key for the 
ownership domain, and the right to subscribe to events engine events, machine 
events, and packet filter events at the system. 

32. (Currently amended) A system as r e cited in claim 20 comprising: 
an interface allowing management devices corresponding to a plurality of 
management agents responsible for managing the system to access the system: and 
a controller to operate as a trusted third party mediating interaction among 
the plurality of management agents bv assigning each of the plurality of 
management agents to a different one of a plurality of ownership domains and 
restricting the rights of each ownership domain in the system, wherein one of the 
plurality of ownership domains is a top-level ownership domain having a first set 
of rights, wherein each of the other ownership domains in the plurality of 
ownership domains has a second set of rights , and wherein the second set of rights 
includes: the right to revoke an existing ownership domain, the right to modify 
filters in the system, the right to change authentication credentials for the 
ownership domain, and the right to subscribe to machine events and packet filter 
events at the system. 
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33. (Currently amended) A system as recited in olaim 29 comprising: 
an interface allowing management devices corresponding to a plurality of 

management agents responsible for managing the system to access the system: and 
a controller to operate as a trusted third party mediating interaction among 
the plurality of management agents by assigning each of the plurality of 
management agents to a different one of a plurality of ownership domains and 
restricting the rights of each ownership domain in the system, wherein one of the 
plurality of ownership domains is a top-level ownership domain having a first set 
of rights, wherein each of the other ownership domains in the plurality of 
ownership domains has a second set of rights, and wherein the first set of rights 
includes: the right to create new ownership domains, the right to access system 
memory, the right to access a mass storage device of the system, and the right to 
modify filters in the system. 

34. (Currently amended) A system a s recited in olaim - 29 comprising: 

an interface allowing management devices corresponding to a plurality of 
management agents responsible for managing the system to access the system: and 

a controller to operate as a trusted third party mediating interaction among 
the plurality of management agents by assigning each of the plurality of 
management agents to a different one of a plurality of ownership domains and 
restricting the rights of each ownership domain in the system, wherein one of the 
plurality of ownership domains is a top-level ownership domain having a first set 
of rights, wherein each of the other ownership domains in the plurality of 
ownership domains has a second set of rights, and wherein the second set of rights 
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includes: the right to revoke an existing ownership domain and the right to modify 
filters in the system, including the right to add a filter that cannot be subverted by 
a management agent assigned to the top-level ownership domain. 

35. (Currently amended) A system 03 rcoitcd in olaim 29 comprising: 

an interface allowing management devices corresponding to a plurality of 
management agents responsible for managing the system to access the system: and 

a controller to operate as a trusted third party mediating interaction among 
the plurality of management agents bv assigning each of the plurality of 
management agents to a different one of a plurality of ownership domains and 
restricting the rights of each ownership domain in the system, wherein one of the 
plurality of ownership domains is a top-level ownership domain having a first set 
of rights, wherein each of the other ownership domains in the plurality of 
ownership domains has a second set of rights, and wherein the controller allows a 
device corresponding to any one of the other ownership domains to revoke the 
top-level ownership domain, and wherein the controller erases a system memory 
during the revocation process. 

36. (Canceled), 

37. (Currently amended) A system as r e cited in claim 26 comprising: 
an interface allowing management devices corresponding to a plurality of 

management agents responsible for managing the system to access the system: and 
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a controller to operate as a trusted third party mediatine interaction among 
the plurality of management agents by assigning each of the plurality of 
management agents to a different one of a plurality of ownership domains and 
restricting the rights of each ownership domain in the system * wherein only one of 
the plurality of management agents can correspond to a top-level ownership 
domain at a time, and wherein the one management agent can create a new 
ownership domain for a new management agent, and wherein the new ownership 
domain becomes the new top-level ownership domain, 

38. (Currently amended) A system as reoitod in olaim 26 comprising: 
an interface allowing management devices corresponding to a plurality of 
management agents responsible for managing the system to access the system: and 
a controller to operate as a trusted third party mediating interaction among 
the plurality of management agents by assigning each of the plurality of 
management agents to a different one of a plurality of ownership domains and 
restricting the rights of each ownership domain in the system, wherein only one of 
the plurality of management agents can correspond to a top-level ownership 
domain at a time, wherein which of the plurality of management agents 
corresponds to the top-level ownership domain at any given time can vary over 
time, and wherein the controller erases a system memory each time a change 
occurs in which of the plurality of management agents corresponds to the top-level 
ownership domain. 
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39. (Original) A system as recited in claim 26, wherein the system 
comprises a node in a co-location facility. 

40. (Currently amended) A method comprising: 

associating each of a plurality of management agents with one of a plurality 
of ownership domains, wherein each of the plurality of management agents is 
responsible for managing at least a portion of a computer and is external to the 
computer; 

allowing only one of the plurality of management agents to have an 
extended set of rights to the computer at a time, and assigning the remaining 
management devices a more limited set of rights; aad 

restricting which requests from management devices corresponding to the 
. plurality of management agents are carried out based at least in part on the rights 
of the management agent; 

allowing which of the plurality of management agents has the extended set 
of rights to change over time: and 

erasing a system memory each time a change occurs in which of the 
plurality of management agents has the extended set of rights . 

41. (Original) A method as recited in claim 40, where each of the 
plurality of management agents corresponds to one or more management devices 
that are coupled to the computer. 
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42. (Currently amended) A method as .recit e d in claim 4 0 comprising: 
associating each of a plurality of management agents with one of a plurality 

of ownership domains, wherein each of the plurality of management agents is 
responsible for managing at least a portion of a computer and is external to the 
computer: 

allowing only one of the plurality of management agents to have an 
extended set of rights to the computer at a time, and assigning the remaining 
management devices a more limited set of rights, wherein the extended set of 
rights includes: the right to create new ownership domains, the right to access 
system memory, the right to access a mass storage device of the system, the right 
to modify filters in the system, the right to start execution of software engines in 
the system, the right to stop execution of software engines in the system, the right 
to debug software engines in the system, the right to change authentication 
credentials for the ownership domain, the right to modify a storage key for the 
ownership domain, and the right to subscribe to events engine events, machine 
events, and packet filter events at the system : and 

restricting which requests from management devices corresponding to the 
plurality of management agents are carried out based at least in part on the rights 
of the management agent . 

43. (Currently amended) A method an rooitod in claim 4 0 comprising: 
associating each of a plurality of management agents with one of a plurality 

of ownership domains, wherein each of the plurality of management agents is 
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responsible for managing at least a portion of a computer and is external to the 
computer; 

allowing only one of the plurality of management agents to have an 
extended set of rights to the computer at a time, and assigning the remaining 
management devices a more limited set of rights, wherein the more limited set of 
rights includes: the right to revoke an existing ownership domain, the right to 
modify filters in the system, the right to change authentication credentials for the 
ownership domain, and the right to subscribe to machine events and packet filter 
events at the system : and 

restricting which requests from management devices corresponding to the 
plurality of management agents are carried out based at least in part on the rights 
of the management agent , 

44. (Currently amended) A method as recited in claim AO comprising; 

associating each of a plurality of management agents with one of a plurality 
of ownership domains, wherein each of the plurality of management agents is 
responsible for managing at least a portion of a computer and is external to the 
computer; 

allowing only one of the plurality of management agents to have an 
extended set of rights to the computer at a time, and assigning the remaining 
management devices a more limited set of rights, wherein the extended set of 
rights includes: the right to create new ownership domains, the right to access 
system memory, the right to access a mass storage device of the system, and the 
right to modify filters in the syste m; and 
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restricting which requests from management devices corresponding to the 
plurality of management agents are carried out based at least in part on the rights 
of the management agent , 

45. (Currently amended) A method as rooitcd - in olaim 40 comprising: 
associating each of a plurality of management agents with one of a plurality 

of ownership domains, wherein each of the plurality of management agents is 
responsible for managing at least a portion of a computer and is external to the 
computer: 

allowing only one of the plurality of management agents to have an 
extended set of rights to the computer at a time, and assigning the remaining 
management devices a more limited set of rights, wherein the more limited set of 
rights includes: the right to revoke an existing ownership domain and the right to 
modify filters in the system, including the right to add a filter that cannot be 
subverted by a management agent assigned to the top-level ownership domain; 
and 

restricting which requests from management devices corresponding to the 
plurality of management agents are carried out based at least in part on the rights 
of the management agent . 

46. (Currently amended) A method as recited in claim 40 comprising: 
associating each of a plurality of management agents with one of a plurality 

of ownership domains, wherein each of the plurality of management agents is 
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responsible for managing at least a portion of a computer and is external to the 
computer; 

allowing only one of the plurality of management agents to have an 
extended set of rights to the computer at a time* and assigning the remaining 
management devices a more limited set of rights , wherein the one management 
agent corresponds to a top-level ownership domain, and wherein any of the other 
management agents can revoke the rights of the one management agen t; and 

restricting which requests from management devices corresponding to the 
plurality of management agents are carried out based at least in part on the rights 
of the management agent 

47. (Original) A method as recited in claim 40, further comprising: 
assigning, by the one management agent having the extended set of rights, 

the extended set of rights to a new management agent; 

assigning the one management agent to having the more limited set of 

rights. 

48. (Canceled). 

49. (Original) A method as recited in claim 40, further comprising 
terminating execution of a software engine in the computer in response to a 
request from a management device corresponding the one management agent 
having the extended set of rights. 
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50. (Currently amended) A method as recited in claim 40, further 
comprising initiating execution of a software engine in the computer in response to 
a request from a management device corresponding to the one management agent 
having the extended set of rights. 

51. (Original) A method as recited in claim 40, wherein the computer 
comprises a node in a co-location facility. 

52. (Canceled). 
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